Checkmarx vs. Onapsis

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Checkmarx
Score 9.1 out of 10
N/A
Checkmarx, an Israeli headquartered company with US offices, provides a suite of application security software delivered via the Checkmarx Software Security Platform. Individual modules and capabilities include Checkmarx Static Application Security Testing, Checkmarx Software Composition Analysis, Checkmarx Interactive Application Security Testing (CxIAST)N/A
Onapsis
Score 9.0 out of 10
N/A
Onapsis, headquartered in Boston, offers application security software to enterprises in the form of the Onapsis Security Platform for SAP and the Onapsis Security Platform for Oracle E-Business Suite.N/A
Pricing
CheckmarxOnapsis
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
CheckmarxOnapsis
Free Trial
NoNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
CheckmarxOnapsis
Considered Both Products
Checkmarx
Chose Checkmarx
Checkmarx is easier to integrate with development tools and gives quick feedback during coding, which is helpful for developers. Veracode is more focused on scanning and reporting for compliance, but it’s more complex to set up. We chose Checkmarx because it fits better into …
Chose Checkmarx
We actually use Checkmarx along with the other tools. However, the reason we chose Checkmarx is its wide support for languages and useful fix recommendations. The flowcharts help better understand the data flow and give a clear picture of what needs to be fixed and how. Also, …
Onapsis
Chose Onapsis
Onapsis reduces risk and protects critical operations which protect the applications powering business by continuously monitoring for vulnerabilities and prioritizing remediation based on risk assessment. Onapsis is also a great tool as it implements continuous compliance. It …
Chose Onapsis
Honestly, I havent use something like Onapsis before and currently I am not aware if there is something similiar out there. They are one of a kind and is a complete suit, so is unlikelly that someone from outside will appear with a better solution.
Best Alternatives
CheckmarxOnapsis
Small Businesses
GitLab
GitLab
Score 8.7 out of 10
GitLab
GitLab
Score 8.7 out of 10
Medium-sized Companies
Veracode
Veracode
Score 8.7 out of 10
Veracode
Veracode
Score 8.7 out of 10
Enterprises
Veracode
Veracode
Score 8.7 out of 10
Veracode
Veracode
Score 8.7 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
CheckmarxOnapsis
Likelihood to Recommend
9.0
(0 ratings)
9.0
(0 ratings)
Usability
7.0
(0 ratings)
-
(0 ratings)
User Testimonials
CheckmarxOnapsis
Likelihood to Recommend
If you are going with SAST process or want to improve overall security posture then go for it like integrating it with post deployment steps. If you are more concerned about proactive controls better choose other options such as pee-commit hooks and CI security. Also choose other tools for DAST and API scans.
Read full review
As a user, I would recommend Onapsis for people who are shorthanded in security or basis teams. One thing to be clear is that this is not a cheap product but still every penny counts here. If your SAP system has multiple products and connections then Onapsis is a great tool.
Read full review
Pros
  • Supports a large number of languages
  • Finds a large variety of potential risks
Read full review
  • Eliminating the manual process improves the overall accuracy of results and also frees up valuable resources to focus on other different projects.
  • Onapsis provides great leverage to our technical teams in order to review in a standardized way of the landscape.
  • Onapsis always matches vulnerabilities with useful context and finds possible solutions.
  • Onapsis is usually implemented to continuously monitor, and alert us on any issues on the SAP systems. Not only this but implementing Onapsis also eliminates the network on the year-end and month-end audits and helps in making the overall process faster, smooth, efficient as well as accurate.
Read full review
Cons
  • DAST capability can be the one where it does not support native use case of using OTP based arch
  • API Scanning is something that lacks a bit due to not much customizations
  • Branch wise reports for SAST is not available
Read full review
  • Multiple UIs
  • No proper customization of UI log-off
  • Tedious setup of Control component
  • No proper error messages received
Read full review
Usability
Checkmarx's usability is generally good, but it can be a bit complex for new users. The interface may take some time to get used to, especially for those unfamiliar with security tools. Once you become familiar with it, it’s effective and integrates well into development workflows.
Read full review
No answers on this topic
Alternatives Considered
Checkmarx is easier to integrate with development tools and gives quick feedback during coding, which is helpful for developers. Veracode is more focused on scanning and reporting for compliance, but it’s more complex to set up. We chose Checkmarx because it fits better into our development process, offering faster scans and more useful suggestions for fixing problems
Read full review
There are other tools which we have compared with Onapsis,
  1. SAP ETD
  2. SAP CVA
  3. SecurityBridge
These tools along with the highlighted ones in the above list do not cover all components of Onapsis and as far as we have seen, there is no tool providing the same competencies. It provides good insights, and is constantly updating. On top of that Onapsis Research Labs constantly contributes towards SAP Patch Tuesday regarding multiple "Hot News" vulnerabilities.
Read full review
Return on Investment
  • Great diversity of vulnerabilities covered.
  • Quicker scans
  • They are feature rich compared to other tools I used in the past.
  • Dashboards are not customizable enough.
  • High number of false positives take up time and sometimes make our report look bad.
Read full review
  • Helps in automating the regulatory compliances
  • Increases productivity by freeing resources in the firm
  • Provides better protection for sensitive information
  • Tedious to implement
  • Time difference between the ERP systems and Onapsis Appliances may cause an issue
  • Difficult to troubleshoot as error messages are not clear
Read full review
ScreenShots